1. What This Policy Covers
This policy applies to personal information we collect from:
- Users who register and use the Service (Restaurants, Suppliers, and their staff);
- visitors to our website;
- prospective customers we engage with through marketing or outreach;
- individuals whose contact details are provided to us by Users (for example, a supplier contact submitted by a restaurant).
2. Personal Information We Collect
Identity and contact information: name, business name, ABN, business role, email address, phone number, business address.
Account information: login credentials (passwords are stored hashed, not in plain text), user preferences, role (restaurant, supplier, admin), subscription tier.
Transactional information: orders placed, products viewed, catalogues uploaded, prices, invoices, communications between Users on the platform, watchlists.
Payment information: payment details are collected and stored by our third-party payment processor; we receive limited tokens and transaction metadata, not your full card number.
Technical information: IP address, browser type, device identifiers, pages visited, interaction events, and other analytics data.
Communications: messages you send through our in-platform chat, email, or messaging integrations.
Business information from third parties: where permitted, we may enrich your business profile with publicly available data (for example, from ABN Lookup or business directory sources).
We do not knowingly collect sensitive information (as defined in the Privacy Act) and ask that you do not submit it through the Service.
3. How We Collect Personal Information
We collect personal information:
- directly from you when you register, use the Service, upload content, or communicate with us;
- automatically through cookies, analytics tools, and server logs when you use the Service;
- from third-party sources, such as public government registries or business directory providers, where lawful and proportionate;
- where another User refers or invites you to the platform.
4. Why We Collect and Use Personal Information
We use personal information to:
(a) provide and operate the Service, including authentication, order management, messaging, and billing;
(b) verify your business identity and eligibility to use the Service;
(c) process payments;
(d) provide customer support and respond to enquiries;
(e) send service communications (for example, order confirmations, billing notices, security alerts);
(f) send marketing communications where permitted under the Spam Act 2003 (Cth) and our communications preferences;
(g) improve, personalise, and develop the Service, including training and refining our search, categorisation, and recommendation systems;
(h) detect, prevent, and respond to fraud, misuse, and security incidents;
(i) produce de-identified, aggregated analytics and insights as described in clause 11 below;
(j) comply with our legal obligations.
5. Disclosure of Personal Information
We may disclose personal information to:
Other Users of the Service. Supplier listings and business profile information are displayed to Restaurants; Restaurant order details are disclosed to the relevant Supplier. We only disclose what is necessary for the Service to function.
Service providers. We engage trusted third parties to help us operate the Service, bound by confidentiality and data-protection obligations. These providers fall into the following categories:
- hosting, database, and cloud infrastructure providers;
- payment processors;
- accounting and invoicing integration partners;
- messaging, email, and notification providers;
- error monitoring and observability providers;
- analytics providers;
- business data enrichment providers (including public government registry and business directory APIs);
- AI and machine-learning service providers used to categorise, extract, and enrich content.
A current list of our key sub-processors is available on request by emailing info@freshlinkhub.com.
Professional advisers: lawyers, accountants, auditors, and insurers, bound by confidentiality.
Authorities: where required or authorised by law, including to law enforcement, regulators, or courts.
Successors: if we sell, merge, or restructure the business, personal information may be transferred to the successor entity, subject to equivalent privacy protections.
We do not sell your personal information.
6. Overseas Disclosure (APP 8)
Some of the service providers described in clause 5 store or process personal information outside Australia. Recipients are typically located in Australia and the United States, and in some cases in other jurisdictions where our providers operate global infrastructure.
Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs, including:
- selecting providers that offer enterprise-grade security and published privacy commitments;
- entering into contractual terms that require compliance with applicable privacy and data-protection standards;
- using data-processing addenda or equivalent safeguards where available.
By using the Service, you acknowledge that your personal information may be disclosed to overseas recipients for the purposes described in this policy.
7. Data Retention
We keep personal information only for as long as necessary to provide the Service and meet our legal obligations.
| Category | Retention |
|---|---|
| Account and profile information | For the life of your Account, plus a 30-day grace period after termination, then deleted or de-identified within 90 days |
| User-uploaded Content (catalogues, menus, messages) | Same as above |
| Order, invoice, and payment records | Up to 7 years after the relevant transaction, as required by Australian tax and corporate record-keeping laws |
| Server logs and analytics events | Typically 12–24 months |
| Records we are required by law to retain | For the period required by law |
| De-identified and aggregated data | May be retained indefinitely, as it no longer identifies you |
You may request deletion at any time — see clause 10.
8. Data Security
We take reasonable steps to protect personal information from loss, misuse, interference, unauthorised access, modification, and disclosure, including:
- encryption in transit (HTTPS/TLS);
- encryption at rest for sensitive data;
- role-based access controls and row-level security at the database layer;
- hashed password storage;
- activity logging and monitoring;
- regular security reviews and dependency updates.
No system is completely secure. If we become aware of a data breach that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.
9. Cookies and Analytics
The Service uses cookies and similar technologies for essential functionality (for example, keeping you logged in) and for analytics (for example, understanding how features are used).
You can disable or delete cookies in your browser settings. Disabling essential cookies may prevent parts of the Service from functioning.
By using the Service you consent to our use of cookies as described in this policy.
10. Your Rights
Under the Privacy Act and the APPs you have the right to:
Access your information. You may request a copy of the personal information we hold about you.
Correct your information. You may ask us to correct information that is inaccurate, incomplete, or out of date.
Delete your information. You may ask us to delete your personal information, subject to our legal retention obligations (see clause 7).
Export your information. You may request an export of your Content at any time before deletion.
Withdraw consent. You may unsubscribe from marketing communications at any time via the unsubscribe link or your Account settings.
Complain. See clause 13 below.
To exercise these rights, contact us at info@freshlinkhub.com. We will respond within a reasonable period (typically 30 days). We may need to verify your identity before acting on a request.
11. De-identified and Aggregated Data
We may produce de-identified, aggregated insights from platform activity — for example, market pricing trends, category demand, regional procurement patterns. Before any aggregated insight is published, shared, or sold:
- direct identifiers (business name, ABN, email) are removed;
- data is grouped across a minimum of five (5) Users wherever business-level detail is reported;
- location is generalised to region or postcode-group level;
- specific SKUs and supplier-level prices are not disclosed externally.
Once produced to this standard, aggregated data no longer constitutes personal information under the Privacy Act and is not subject to this Privacy Policy.
Further detail is set out in our Data Use Schedule.
12. Children's Privacy
The Service is a B2B platform and is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it.
13. Complaints
If you believe we have breached the Privacy Act or this policy:
- Contact us at info@freshlinkhub.com with a description of the concern. We will respond within a reasonable period (typically 30 days) and work with you to resolve it.
- If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
14. Changes to This Policy
We may update this policy from time to time. For material changes we will provide at least 30 days' notice by email and by prominent notice on the Service. Continued use after the change takes effect constitutes acceptance.
15. Contact
The Growth Protocol Pty Ltd
ABN 59 680 355 060
Trading as FreshLink Hub
1 Bromley Road, Huntfield Heights, South Australia 5163
Privacy contact: info@freshlinkhub.com